Hi,
I believe if the user is unknown, the IP address to username mapping is not known to the SRX.
The SRX would retrieve this from the Event log in AD. Two things you could check:
1. Is the IP to username mapping being generated in the Event log in AD?
2. Can the SRX read the Event logs?
https://www.juniper.net/techpubs/en_US/junos12.3x48/topics/concept/userfw-wmic.html
Cheers,
Ashvin